You will probably be classified as a 'data processor', rather than a 'data controller'. In that case you should list names and addresses of the data controllers of the companies you sell through - ebay, amazon etc. You should also document the type of processing ( 'why' you are processing the data) you are using the information for i.e sales, delivery and invoicing/book keeping.webtrekker;131099 wrote: So, my small business of less than 250 employees (ie. myself!) takes orders from ebay, manufactures and ships them, and then marks them as dispatched in ebay. End of story. The only data pertaining to those customers of mine exists solely on the ebay servers after I have done with it. Who is responsible for GDPR?
Pretty much, yes.webtrekker;131105 wrote:I honestly can't see half the population of homeworkers complying with this. It's stupidity of the highest order.
That is the nail on the head for anyone who only deals with their clients via 3rd parties, what you do with the info you have from them - this is what they are trying to get sorted, think of the data breaches there have been over the past few months from companies we intrust our information to - let alone the millions of businesses that work from home / small set ups.pisquee;131104 wrote:You will at some point print off data from the server onto paper - order forms/despatch note and address label - you should have in your policy how you process these bits of paper, if you keep them, or destroy them, if they are all sent to the customer, what you do with the emails you get from Ebay about these orders. Even if your policy says all data is printed onto paper and then sent to the customer, no paper work is kept on file or on paper.
Hence why I read the articles above, easier to digest.pw66;131159 wrote:There is an artticle in this months Printwear and Promotion. Haven't got enough life in me to read it yet.
Users browsing this forum: Amazon [Bot] and 1 guest